2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
4 * Copyright (c) 1999-2001 Robert N. M. Watson
7 * This software was developed by Robert Watson for the TrustedBSD Project.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
19 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
22 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 #include <sys/cdefs.h>
32 __FBSDID("$FreeBSD$");
34 #include <sys/param.h>
35 #include <sys/systm.h>
36 #include <sys/capsicum.h>
38 #include <sys/mount.h>
39 #include <sys/mutex.h>
40 #include <sys/sysproto.h>
41 #include <sys/fcntl.h>
42 #include <sys/namei.h>
43 #include <sys/filedesc.h>
44 #include <sys/limits.h>
45 #include <sys/vnode.h>
47 #include <sys/extattr.h>
49 #include <security/audit/audit.h>
50 #include <security/mac/mac_framework.h>
53 * Syscall to push extended attribute configuration information into the VFS.
54 * Accepts a path, which it converts to a mountpoint, as well as a command
55 * (int cmd), and attribute name and misc data.
57 * Currently this is used only by UFS1 extended attributes.
60 sys_extattrctl(td, uap)
62 struct extattrctl_args /* {
70 struct vnode *filename_vp;
72 struct mount *mp, *mp_writable;
73 char attrname[EXTATTR_MAXNAMELEN];
76 AUDIT_ARG_CMD(uap->cmd);
77 AUDIT_ARG_VALUE(uap->attrnamespace);
79 * uap->attrname is not always defined. We check again later when we
80 * invoke the VFS call so as to pass in NULL there if needed.
82 if (uap->attrname != NULL) {
83 error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN,
88 AUDIT_ARG_TEXT(attrname);
92 if (uap->filename != NULL) {
93 NDINIT(&nd, LOOKUP, FOLLOW | AUDITVNODE2,
94 UIO_USERSPACE, uap->filename, td);
98 filename_vp = nd.ni_vp;
99 NDFREE(&nd, NDF_NO_VP_RELE);
102 /* uap->path is always defined. */
103 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1,
104 UIO_USERSPACE, uap->path, td);
108 mp = nd.ni_vp->v_mount;
109 error = vfs_busy(mp, 0);
115 VOP_UNLOCK(nd.ni_vp, 0);
116 error = vn_start_write(nd.ni_vp, &mp_writable, V_WAIT | PCATCH);
117 NDFREE(&nd, NDF_NO_VP_UNLOCK);
120 if (filename_vp != NULL) {
122 * uap->filename is not always defined. If it is,
123 * grab a vnode lock, which VFS_EXTATTRCTL() will
126 error = vn_lock(filename_vp, LK_EXCLUSIVE);
128 vn_finished_write(mp_writable);
133 error = VFS_EXTATTRCTL(mp, uap->cmd, filename_vp, uap->attrnamespace,
134 uap->attrname != NULL ? attrname : NULL);
136 vn_finished_write(mp_writable);
142 * VFS_EXTATTRCTL will have unlocked, but not de-ref'd, filename_vp,
143 * so vrele it if it is defined.
145 if (filename_vp != NULL)
151 * Set a named extended attribute on a file or directory
153 * Arguments: unlocked vnode "vp", attribute namespace "attrnamespace",
154 * kernelspace string pointer "attrname", userspace buffer
155 * pointer "data", buffer length "nbytes", thread "td".
156 * Returns: 0 on success, an error number otherwise
158 * References: vp must be a valid reference for the duration of the call
161 extattr_set_vp(struct vnode *vp, int attrnamespace, const char *attrname,
162 void *data, size_t nbytes, struct thread *td)
170 error = vn_start_write(vp, &mp, V_WAIT | PCATCH);
173 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
175 aiov.iov_base = data;
176 aiov.iov_len = nbytes;
177 auio.uio_iov = &aiov;
180 if (nbytes > IOSIZE_MAX) {
184 auio.uio_resid = nbytes;
185 auio.uio_rw = UIO_WRITE;
186 auio.uio_segflg = UIO_USERSPACE;
191 error = mac_vnode_check_setextattr(td->td_ucred, vp, attrnamespace,
197 error = VOP_SETEXTATTR(vp, attrnamespace, attrname, &auio,
199 cnt -= auio.uio_resid;
200 td->td_retval[0] = cnt;
204 vn_finished_write(mp);
209 sys_extattr_set_fd(td, uap)
211 struct extattr_set_fd_args /* {
214 const char *attrname;
220 char attrname[EXTATTR_MAXNAMELEN];
224 AUDIT_ARG_FD(uap->fd);
225 AUDIT_ARG_VALUE(uap->attrnamespace);
226 error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
229 AUDIT_ARG_TEXT(attrname);
231 error = getvnode(td, uap->fd,
232 cap_rights_init(&rights, CAP_EXTATTR_SET), &fp);
236 error = extattr_set_vp(fp->f_vnode, uap->attrnamespace,
237 attrname, uap->data, uap->nbytes, td);
244 sys_extattr_set_file(td, uap)
246 struct extattr_set_file_args /* {
249 const char *attrname;
255 char attrname[EXTATTR_MAXNAMELEN];
258 AUDIT_ARG_VALUE(uap->attrnamespace);
259 error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
262 AUDIT_ARG_TEXT(attrname);
264 NDINIT(&nd, LOOKUP, FOLLOW | AUDITVNODE1, UIO_USERSPACE,
269 NDFREE(&nd, NDF_ONLY_PNBUF);
271 error = extattr_set_vp(nd.ni_vp, uap->attrnamespace, attrname,
272 uap->data, uap->nbytes, td);
279 sys_extattr_set_link(td, uap)
281 struct extattr_set_link_args /* {
284 const char *attrname;
290 char attrname[EXTATTR_MAXNAMELEN];
293 AUDIT_ARG_VALUE(uap->attrnamespace);
294 error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
297 AUDIT_ARG_TEXT(attrname);
299 NDINIT(&nd, LOOKUP, NOFOLLOW | AUDITVNODE1, UIO_USERSPACE,
304 NDFREE(&nd, NDF_ONLY_PNBUF);
306 error = extattr_set_vp(nd.ni_vp, uap->attrnamespace, attrname,
307 uap->data, uap->nbytes, td);
314 * Get a named extended attribute on a file or directory
316 * Arguments: unlocked vnode "vp", attribute namespace "attrnamespace",
317 * kernelspace string pointer "attrname", userspace buffer
318 * pointer "data", buffer length "nbytes", thread "td".
319 * Returns: 0 on success, an error number otherwise
321 * References: vp must be a valid reference for the duration of the call
324 extattr_get_vp(struct vnode *vp, int attrnamespace, const char *attrname,
325 void *data, size_t nbytes, struct thread *td)
327 struct uio auio, *auiop;
333 vn_lock(vp, LK_SHARED | LK_RETRY);
336 * Slightly unusual semantics: if the user provides a NULL data
337 * pointer, they don't want to receive the data, just the maximum
344 aiov.iov_base = data;
345 aiov.iov_len = nbytes;
346 auio.uio_iov = &aiov;
349 if (nbytes > IOSIZE_MAX) {
353 auio.uio_resid = nbytes;
354 auio.uio_rw = UIO_READ;
355 auio.uio_segflg = UIO_USERSPACE;
363 error = mac_vnode_check_getextattr(td->td_ucred, vp, attrnamespace,
369 error = VOP_GETEXTATTR(vp, attrnamespace, attrname, auiop, sizep,
373 cnt -= auio.uio_resid;
374 td->td_retval[0] = cnt;
376 td->td_retval[0] = size;
384 sys_extattr_get_fd(td, uap)
386 struct extattr_get_fd_args /* {
389 const char *attrname;
395 char attrname[EXTATTR_MAXNAMELEN];
399 AUDIT_ARG_FD(uap->fd);
400 AUDIT_ARG_VALUE(uap->attrnamespace);
401 error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
404 AUDIT_ARG_TEXT(attrname);
406 error = getvnode(td, uap->fd,
407 cap_rights_init(&rights, CAP_EXTATTR_GET), &fp);
411 error = extattr_get_vp(fp->f_vnode, uap->attrnamespace,
412 attrname, uap->data, uap->nbytes, td);
419 sys_extattr_get_file(td, uap)
421 struct extattr_get_file_args /* {
424 const char *attrname;
430 char attrname[EXTATTR_MAXNAMELEN];
433 AUDIT_ARG_VALUE(uap->attrnamespace);
434 error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
437 AUDIT_ARG_TEXT(attrname);
439 NDINIT(&nd, LOOKUP, FOLLOW | AUDITVNODE1, UIO_USERSPACE, uap->path, td);
443 NDFREE(&nd, NDF_ONLY_PNBUF);
445 error = extattr_get_vp(nd.ni_vp, uap->attrnamespace, attrname,
446 uap->data, uap->nbytes, td);
453 sys_extattr_get_link(td, uap)
455 struct extattr_get_link_args /* {
458 const char *attrname;
464 char attrname[EXTATTR_MAXNAMELEN];
467 AUDIT_ARG_VALUE(uap->attrnamespace);
468 error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
471 AUDIT_ARG_TEXT(attrname);
473 NDINIT(&nd, LOOKUP, NOFOLLOW | AUDITVNODE1, UIO_USERSPACE, uap->path,
478 NDFREE(&nd, NDF_ONLY_PNBUF);
480 error = extattr_get_vp(nd.ni_vp, uap->attrnamespace, attrname,
481 uap->data, uap->nbytes, td);
488 * extattr_delete_vp(): Delete a named extended attribute on a file or
491 * Arguments: unlocked vnode "vp", attribute namespace "attrnamespace",
492 * kernelspace string pointer "attrname", proc "p"
493 * Returns: 0 on success, an error number otherwise
495 * References: vp must be a valid reference for the duration of the call
498 extattr_delete_vp(struct vnode *vp, int attrnamespace, const char *attrname,
504 error = vn_start_write(vp, &mp, V_WAIT | PCATCH);
507 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
510 error = mac_vnode_check_deleteextattr(td->td_ucred, vp, attrnamespace,
516 error = VOP_DELETEEXTATTR(vp, attrnamespace, attrname, td->td_ucred,
518 if (error == EOPNOTSUPP)
519 error = VOP_SETEXTATTR(vp, attrnamespace, attrname, NULL,
525 vn_finished_write(mp);
530 sys_extattr_delete_fd(td, uap)
532 struct extattr_delete_fd_args /* {
535 const char *attrname;
539 char attrname[EXTATTR_MAXNAMELEN];
543 AUDIT_ARG_FD(uap->fd);
544 AUDIT_ARG_VALUE(uap->attrnamespace);
545 error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
548 AUDIT_ARG_TEXT(attrname);
550 error = getvnode(td, uap->fd,
551 cap_rights_init(&rights, CAP_EXTATTR_DELETE), &fp);
555 error = extattr_delete_vp(fp->f_vnode, uap->attrnamespace,
562 sys_extattr_delete_file(td, uap)
564 struct extattr_delete_file_args /* {
567 const char *attrname;
571 char attrname[EXTATTR_MAXNAMELEN];
574 AUDIT_ARG_VALUE(uap->attrnamespace);
575 error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
578 AUDIT_ARG_TEXT(attrname);
580 NDINIT(&nd, LOOKUP, FOLLOW | AUDITVNODE1, UIO_USERSPACE, uap->path, td);
584 NDFREE(&nd, NDF_ONLY_PNBUF);
586 error = extattr_delete_vp(nd.ni_vp, uap->attrnamespace, attrname, td);
592 sys_extattr_delete_link(td, uap)
594 struct extattr_delete_link_args /* {
597 const char *attrname;
601 char attrname[EXTATTR_MAXNAMELEN];
604 AUDIT_ARG_VALUE(uap->attrnamespace);
605 error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
608 AUDIT_ARG_TEXT(attrname);
610 NDINIT(&nd, LOOKUP, NOFOLLOW | AUDITVNODE1, UIO_USERSPACE, uap->path, td);
614 NDFREE(&nd, NDF_ONLY_PNBUF);
616 error = extattr_delete_vp(nd.ni_vp, uap->attrnamespace, attrname, td);
622 * Retrieve a list of extended attributes on a file or directory.
624 * Arguments: unlocked vnode "vp", attribute namespace 'attrnamespace",
625 * userspace buffer pointer "data", buffer length "nbytes",
627 * Returns: 0 on success, an error number otherwise
629 * References: vp must be a valid reference for the duration of the call
632 extattr_list_vp(struct vnode *vp, int attrnamespace, void *data,
633 size_t nbytes, struct thread *td)
635 struct uio auio, *auiop;
641 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
647 aiov.iov_base = data;
648 aiov.iov_len = nbytes;
649 auio.uio_iov = &aiov;
652 if (nbytes > IOSIZE_MAX) {
656 auio.uio_resid = nbytes;
657 auio.uio_rw = UIO_READ;
658 auio.uio_segflg = UIO_USERSPACE;
666 error = mac_vnode_check_listextattr(td->td_ucred, vp, attrnamespace);
671 error = VOP_LISTEXTATTR(vp, attrnamespace, auiop, sizep,
675 cnt -= auio.uio_resid;
676 td->td_retval[0] = cnt;
678 td->td_retval[0] = size;
687 sys_extattr_list_fd(td, uap)
689 struct extattr_list_fd_args /* {
700 AUDIT_ARG_FD(uap->fd);
701 AUDIT_ARG_VALUE(uap->attrnamespace);
702 error = getvnode(td, uap->fd,
703 cap_rights_init(&rights, CAP_EXTATTR_LIST), &fp);
707 error = extattr_list_vp(fp->f_vnode, uap->attrnamespace, uap->data,
715 sys_extattr_list_file(td, uap)
717 struct extattr_list_file_args /* {
727 AUDIT_ARG_VALUE(uap->attrnamespace);
728 NDINIT(&nd, LOOKUP, FOLLOW | AUDITVNODE1, UIO_USERSPACE, uap->path, td);
732 NDFREE(&nd, NDF_ONLY_PNBUF);
734 error = extattr_list_vp(nd.ni_vp, uap->attrnamespace, uap->data,
742 sys_extattr_list_link(td, uap)
744 struct extattr_list_link_args /* {
754 AUDIT_ARG_VALUE(uap->attrnamespace);
755 NDINIT(&nd, LOOKUP, NOFOLLOW | AUDITVNODE1, UIO_USERSPACE, uap->path,
760 NDFREE(&nd, NDF_ONLY_PNBUF);
762 error = extattr_list_vp(nd.ni_vp, uap->attrnamespace, uap->data,